(void) close(fds[1]);
if ( (dup2(fds[0],0) == -1) || (dup2(fds[0],1) == -1) ) {
report(stderr, GT_("dup2 failed\n"));
- exit(1);
+ _exit(EXIT_FAILURE);
}
/* fds[0] is now connected to 0 and 1; close it */
(void) close(fds[0]);
argvec = parse_plugin(plugin,host,service);
execvp(*argvec, argvec);
report(stderr, GT_("execvp(%s) failed\n"), *argvec);
- exit(0);
+ _exit(EXIT_FAILURE);
break;
default: /* parent */
/* NOP */
}
#endif /* HAVE_SOCKETPAIR */
+/** Set socket to SO_KEEPALIVE. \return 0 for success. */
+int SockKeepalive(int sock) {
+ int keepalive = 1;
+ return setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, &keepalive, sizeof keepalive);
+}
+
int UnixOpen(const char *path)
{
int sock = -1;
return -1;
}
- /* Socket opened saved. Usefull if connect timeout
- * because it can be closed.
- */
- mailserver_socket_temp = sock;
-
- if (connect(sock, (struct sockaddr *) &ad, sizeof(ad)) < 0)
+ /* Socket opened saved. Usefull if connect timeout
+ * because it can be closed.
+ */
+ mailserver_socket_temp = sock;
+
+ if (connect(sock, (struct sockaddr *) &ad, sizeof(ad)) < 0)
{
int olderr = errno;
fm_close(sock); /* don't use SockClose, no traffic yet */
errno = olderr;
sock = -1;
}
-
- /* No connect timeout, then no need to set mailserver_socket_temp */
- mailserver_socket_temp = -1;
+
+ /* No connect timeout, then no need to set mailserver_socket_temp */
+ mailserver_socket_temp = -1;
return sock;
}
continue;
}
+ SockKeepalive(i);
+
/* Save socket descriptor.
* Used to close the socket after connect timeout. */
mailserver_socket_temp = i;
if (outlevel >= O_VERBOSE) {
if (depth == 0 && SSLverbose)
- report(stderr, GT_("Server certificate:\n"));
+ report(stdout, GT_("Server certificate:\n"));
else {
if (_firstrun) {
_firstrun = 0;
}
}
}
- sk_GENERAL_NAME_free(gens);
+ GENERAL_NAMES_free(gens);
}
if (name_match(p1, p2)) {
matched = 1;
{
struct stat randstat;
int i;
+ long sslopts = SSL_OP_ALL;
SSL_load_error_strings();
SSL_library_init();
/* Make sure a connection referring to an older context is not left */
_ssl_context[sock] = NULL;
if(myproto) {
- if(!strcasecmp("ssl3",myproto)) {
+ if(!strcasecmp("ssl2",myproto)) {
+#if HAVE_DECL_SSLV2_CLIENT_METHOD + 0 > 0
+ _ctx[sock] = SSL_CTX_new(SSLv2_client_method());
+#else
+ report(stderr, GT_("Your operating system does not support SSLv2.\n"));
+ return -1;
+#endif
+ } else if(!strcasecmp("ssl3",myproto)) {
_ctx[sock] = SSL_CTX_new(SSLv3_client_method());
} else if(!strcasecmp("tls1",myproto)) {
_ctx[sock] = SSL_CTX_new(TLSv1_client_method());
} else if (!strcasecmp("ssl23",myproto)) {
myproto = NULL;
} else {
- fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSL23).\n"), myproto);
+ fprintf(stderr,GT_("Invalid SSL protocol '%s' specified, using default (SSLv23).\n"), myproto);
myproto = NULL;
}
}
return(-1);
}
- SSL_CTX_set_options(_ctx[sock], SSL_OP_ALL | SSL_OP_NO_SSLv2);
+ {
+ char *tmp = getenv("FETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE");
+ if (tmp == NULL || *tmp == '\0' || strspn(tmp, " \t") == strlen(tmp))
+ sslopts &= ~ SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
+ }
+
+ SSL_CTX_set_options(_ctx[sock], sslopts);
if (certck) {
SSL_CTX_set_verify(_ctx[sock], SSL_VERIFY_PEER, SSL_ck_verify_callback);
return count;
}
#endif /* __CYGWIN__ */
-
-#ifdef MAIN
-/*
- * Use the chargen service to test input buffering directly.
- * You may have to uncomment the `chargen' service description in your
- * inetd.conf (and then SIGHUP inetd) for this to work. */
-main()
-{
- int sock = SockOpen("localhost", "chargen", NULL);
- char buf[80];
-
- while (SockRead(sock, buf, sizeof(buf)-1))
- SockWrite(1, buf, strlen(buf));
- SockClose(sock);
-}
-#endif /* MAIN */
-
-/* socket.c ends here */